From 31401da642c63a50085b41061228e28072c9b15d Mon Sep 17 00:00:00 2001
From: Steffen Nurpmeso
Date: Thu, 20 Jun 2019 15:52:59 +0200
Subject: Revert the former, 3.5 shipped without it, so it is not needed
---
 crux-patch.diff | 39 ++++++++++-----------------------------
 1 file changed, 10 insertions(+), 29 deletions(-)
diff --git a/crux-patch.diff b/crux-patch.diff
index 3f038f7..7d401db 100644
--- a/crux-patch.diff
+++ b/crux-patch.diff
@@ -1,5 +1,5 @@
 diff --git a/start-stop-daemon.8 b/start-stop-daemon.8
-index 2a083f3..5c99f4b 100644
+index 2a083f3..5daeab2 100644
 --- a/start-stop-daemon.8
 +++ b/start-stop-daemon.8
 @@ -20,7 +20,7 @@
@@ -7,25 +7,11 @@ index 2a083f3..5c99f4b 100644 .\" along with this program. If not, see . . -.TH start\-stop\-daemon 8 "%RELEASE_DATE%" "%VERSION%" "dpkg suite" -+.TH start\-stop\-daemon 8 "2019-04-30" "CRUX 3.5" "dpkg suite" ++.TH start\-stop\-daemon 8 "2019-03-10" "CRUX 3.5" "dpkg suite" .nh .SH NAME start\-stop\-daemon \- start and stop system daemon programs -@@ -130,6 +130,13 @@ gets compromised, the contents of the pidfile cannot be trusted, and then - a privileged runner (such as an init script executed as root) would end up - acting on any system process. - Using \fI/dev/null\fP is exempt from these checks. -+.IP -+\fBCRUX extension:\fP -+On CRUX the above restriction is weakened and only applies to world- or -+group-writable pidfiles. -+RC scripts need to become adjusted until the Debian policy is used. -+Also, \fI/var/run\fP is writable by root only, so the daemon must have -+been started with higher rights, as root. - .TP - .BR \-x ", " \-\-exec " \fIexecutable\fP" - Check for processes that are instances of this \fIexecutable\fP. The -@@ -269,33 +276,6 @@ reason. This is a last resort, and is only meant for programs that either +@@ -269,33 +269,6 @@ reason. This is a last resort, and is only meant for programs that either make no sense forking on their own, or where it's not feasible to add the code for them to do this themselves. .TP @@ -60,7 +46,7 @@ index 2a083f3..5c99f4b 100644 Do not close any file descriptor when forcing the daemon into the background (since version 1.16.5). diff --git a/start-stop-daemon.c b/start-stop-daemon.c -index 88c9726..1c35c0b 100644 +index 88c9726..bcdce53 100644 --- a/start-stop-daemon.c +++ b/start-stop-daemon.c @@ -20,10 +20,37 @@ @@ -73,7 +59,7 @@ index 88c9726..1c35c0b 100644 #include +#else -+# define VERSION "20190430" ++# define VERSION "20190310" +# define CRUX "CRUX-Linux" + +# define WANT_SYSTEMD_NOTIFY 0 /* 1=yes */ 
@@ -260,18 +246,13 @@ index 88c9726..1c35c0b 100644 if (action == ACTION_NONE) badusage("need one of --start or --stop or --status"); -@@ -2297,9 +2347,11 @@ do_pidfile(const char *name) - fatale("cannot stat pidfile %s", name); +@@ -2298,7 +2348,8 @@ do_pidfile(const char *name) if (match_mode == MATCH_PIDFILE && -- ((st.st_uid != getuid() && st.st_uid != 0) || + ((st.st_uid != getuid() && st.st_uid != 0) || - (st.st_gid != getgid() && st.st_gid != 0))) -- fatal("matching only on non-root pidfile %s is insecure", name); -+ (((st.st_uid != getuid() && st.st_uid != 0) || -+ ((st.st_gid != getgid() && st.st_gid != 0))) && -+ (st.st_mode & 0022))) -+ fatal("matching only on non-root pidfile %s is insecure" -+ " (CRUX: when group/other writable)", name); ++ ((st.st_gid != getgid() && st.st_gid != 0) && ++ (st.st_mode & 0020)))) + fatal("matching only on non-root pidfile %s is insecure", name); if (st.st_mode & 0002) fatal("matching on world-writable pidfile %s is insecure", name); - -- cgit v1.2.3
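Review bot: The condition this revert restores in do_pidfile still departs from the upstream test it patches: a pidfile whose group is neither the caller's nor root's is rejected only when `st.st_mode & 0020` is set. The same commit removes the "CRUX extension" paragraph from the start-stop-daemon.8 part of the patch, so as far as the visible hunks show, nothing documents the relaxation that remains. A short comment above the test would keep the deviation auditable, for example `/* CRUX: a foreign group is tolerated unless the pidfile is group-writable; the owner must still be the caller or root. */`, ideally with a matching sentence in the manual page. The mode bits checked here describe only the pidfile itself, so RC scripts that depend on this should keep their pidfiles in a directory writable by root only, as the removed paragraph assumed for /var/run. do_pidfile starts and ends outside the hunk, so how `st` is obtained cannot be checked from here.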